Having troubles with a login system

Anon

I'm having troubles with a login system...
In the 'welcome' statement, $fname just won't output! What am I doing wrong? And if someone has any suggestions to improvements please come with them...

<?
if ($action=="login") {
mysql_connect ("localhost");
mysql_select_db ("user") or die("unable to select database");
$query="SELECT fname, lname, username FROM user WHERE (username='$login') AND (password='$password')";
$result = mysql_query ($query) or die(mysql_error());
if (mysql_num_rows($result) != 0) {
$fname = mysql_result($result,0,"fname");
$username = mysql_result($result,0,"username");
setcookie("userauthCookie", $username, time() + 3600);
$HTTP_COOKIE_VARS[userauthCookie];
header("Refresh: 0; url=login2.php;");
}
}
?>

<head>
<title>Login test</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Verdana" size="1">
<?
if (isset ($userauthCookie)) {
echo "Welcome, $fname";
} else {
?>
</font>
<form action="login2.php" method="post">
<table cellspacing="2" cellpadding="2" border="0">
<tr>
<td><font face="Verdana" size="1">Name: </font></td>
<td><font face="Verdana" size="1">
<input type="text" name="login">
</font></td>
</tr>
<tr>
<td><font face="Verdana" size="1">Password: </font></td>
<td><font face="Verdana" size="1">
<input type="password" name="password">
</font></td>
</tr>
</table>
<font face="Verdana" size="1">
<input type="hidden" name="action" value="login">
<input type="submit" name="Login" value="send">
</font>
</form>
<font face="Verdana" size="1">

<?}?>
</font>
</body>

kparker

Sure, you're setting $fname in one instance of the script, and then expecting it to be there after the refresh, which runs a whole new instance. You could store the fname field in its own cookie, or else use sessions (which has the added advantage of being more secure than storing the username in the cookie.)

Anon

Ohh ok, how would I successfully add a session to my script?

kparker

For starters:

   www.php.net/manual/en/ref.session.php

Anon

I've done that, but me being fairly new to PHP and stuff, I don't know where to begin the altering of the current 'cookie code'
I've tried adding a "url?session_id" but to no luck, I don't even understand how to check if the session is set... I know I'm stupid but I'd appreciated if somebody could help me out a little more, example code, editing my code or whatever

PLEASE! 🙂

laurabrandt

Good sample codes on how to use session and cookies can be found at

http://www.thickbook.com/srccode/index.phtml?b=pe&ch=pe6

Hope this helps.

Laura Brandt

Aletia Hosting - Full-Featured, Superfast Web Hosting
PHP, MySQL, Perl, Multiple domain support and more.
200MB + 10GB Transfer at $9.95/mth
http://AletiaHosting.com - AIM: AletiaSales

fandelem

here are my cookie functions: note that $id is the cookie md5(rand()) number accessible by:

$id = $HTTP_COOKIE_VARS['id'];

and also, the cookie set is called, "id".

here are the functions as promised:

function insert_cookie($unique_id, $expiry, $user_id) {
/ table looks like:
CREATE TABLE session (
id tinyint(11) NOT NULL auto_increment,
user_id tinyint(11) DEFAULT '0' NOT NULL,
session_id char(32) DEFAULT '0' NOT NULL,
expiry char(10) DEFAULT '0' NOT NULL,
PRIMARY KEY (id)
);
/
global $DB_CONF, $HTTP_HOST;

    // incoming: user_id, session_id(uniqueid), expiry

    $sql = "INSERT into {$DB_CONF["table_session"]} (user_id, session_id, expiry)
    VALUES (\"$user_id\",\"$unique_id\",\"$expiry\")";
    $sql_result = mysql_query($sql) or die ("Couldn't execute query. (message_database()) ".mysql_error());
    if ( !$sql_result ) {
           return 0;
    }
    else {
          setcookie("id", $unique_id, $expiry , "/", "$HTTP_HOST", 0);
          return 1;
    }

}
function check_cookie($id) {
// incoming: $unique_id off the cookie
global $DB_CONF;

    $sql = "SELECT * FROM {$DB_CONF['table_session']} where session_id='$id'";
    $sql_result = mysql_query($sql) or die ("Couldn't execute query. (message_database()) ".mysql_error());
    if ( !$sql_result ) { return 0; }

    while ($row = mysql_fetch_array($sql_result)) {
            $user_id = $row['user_id'];
            $expiry = $row['expiry'];
    }

    $current_time = time();
    if ( $current_time > $expiry ) { // let's update cookie
          $expiry = time()+99999999;
          setcookie("id", $unique_id, $expiry,"/", ".$HTTP_HOST", "0");
          $sql = "UPDATE {$DB_CONF['table_session']}
          set expiry = \"$expiry\" where session_id = \"$id\"";
          $sql_result = mysql_query($sql) or die ("Couldn't execute query. (message_database()) ".mysql_error());
    }

    if ( $user_id > '0' ) { // they matched against session database
         return $user_id;
    }
    else {
          // okay.. old cookie, let's remove it from them&database
          clear_cookie($id);
          return 0;
    }

}
function clear_cookie($id) {
global $DB_CONF, $HTTP_COOKIE_VARS;

    // clears cookie from user
    setcookie("id","","","/", ".$HTTP_HOST", "0");
    // clears cookie from database
    $sql = "DELETE FROM {$DB_CONF['table_session']} where session_id='$id'";
    $sql_result = mysql_query($sql) or die ("Couldn't execute query. (message_database()) ".mysql_error());

    return;

}

hope this could help. if you need any additional help, contact me; i'd be more than willing to show you my login scripts 😉

Anon

Thx alot mate! Maybe I'll take that offer also by the way...if you need any design work done, don't hesitate about contacting me either! Always glad to help designing websites, advertisements, posters and so on